DeepSec 2016 Talk: Brace Yourselves – Exploit Automation is Coming! – Andreas Follner
Automating tasks is not only the domain of system administrators. We use computers for a lot of dull and boring processes. This enhances productivity and enables us to focus on problem solving. That’s good news. The bad news is that your adversaries can do this, too. While there are still more than enough hand-crafted attacks Out There™, there are classes of exploits that follow a certain pattern. So if you want to find out how this auto0wning works, you should listen to the presentation by Andreas Follner.
Gone are the days of simple stack smashing and code injection (thanks, DEP / W^X!), says Andreas Follner. Today, return-oriented programming (ROP) is the foundation of exploitation. Most ROP exploits are created as follows: you use a tool to dump all gadgets in a binary to disk, grep for specific gadgets like “pop rcx ; ret”, repeat until you have all the gadgets you need, and chain them together so they do what you want. Why aren’t we automating this process?
This talk will go over the basics of ROP, discuss which parts of ROP exploit development can be automated (and which give us headaches), and introduce several tools that can assist exploit development, including our own. Lastly, Andreas will also discuss current advances in mitigations and attacks from an academic point of view.
If you run code, regardless of what kind, then you should attend this talk.
Andreas Follner received his Master’s degree in IT security from the University of Applied Sciences Technikum Wien in 2012. He is currently working towards his PhD at TU Darmstadt (Germany), where his key research interests are exploitation, exploit mitigation, and binary analysis. As the main author of three peer-reviewed publications, he likes research that is not purely academic and has a practical impact.